From fc8520b0614de6634e2a989a2c3eac8598b5ba0b Mon Sep 17 00:00:00 2001 From: abhinavnagaraj Date: Sun, 14 Jun 2026 06:46:35 +0000 Subject: [PATCH 1/4] fix: shorten non-FIPS predictable NIC names on multi-port hardware Non-FIPS HWE kernels append np* physical-port suffixes (e.g. enp153s0f0np0), which breaks VLAN sub-interfaces under Linux's 15-char limit. Install udev hwdb rules and pin net.naming-scheme=v252 for non-FIPS Ubuntu builds only; FIPS images are unchanged. Co-authored-by: Cursor --- Earthfile | 24 ++++++++++++++++++++++++ cloudconfigs/50-canvos-net-naming.hwdb | 5 +++++ cloudconfigs/80_stylus_net_naming.yaml | 5 +++++ 3 files changed, 34 insertions(+) create mode 100644 cloudconfigs/50-canvos-net-naming.hwdb create mode 100644 cloudconfigs/80_stylus_net_naming.yaml diff --git a/Earthfile b/Earthfile index f393d8ce..f99626f3 100644 --- a/Earthfile +++ b/Earthfile @@ -286,6 +286,11 @@ build-uki-iso: ENV ISO_NAME=${ISO_NAME} COPY overlay/files-iso/ /overlay/ COPY --if-exists +validate-user-data/user-data /overlay/config.yaml + + RUN if [ "$FIPS_ENABLED" = "false" ]; then \ + sed -i 's/net\.ifnames=1/net.ifnames=1 net.naming-scheme=v252/g' /overlay/boot/grub2/grub.cfg; \ + fi + COPY --platform=linux/${ARCH} +stylus-image-pack/stylus-image.tar /overlay/stylus-image.tar COPY --platform=linux/${ARCH} (+third-party/luet --binary=luet) /overlay/luet COPY --if-exists "$EDGE_CUSTOM_CONFIG" /overlay/.edge_custom_config.yaml 
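Review bot: The `sed -i 's/net\.ifnames=1/net.ifnames=1 net.naming-scheme=v252/g'` step added to build-uki-iso is a silent no-op when `/overlay/boot/grub2/grub.cfg` has no `net.ifnames=1` token, so a change to the grub template would drop the pin without failing the build. The same command is added to build-iso in the next hunk. I would assert the result inside the same `if`, e.g. `grep -Fq 'net.naming-scheme=v252' /overlay/boot/grub2/grub.cfg`, so the RUN step fails when the option is missing. Both target bodies continue outside the hunks.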
@@ -374,6 +379,11 @@ build-iso: sed -i '/rd.immucore.sysrootwait/s/$/ rd.immucore.debug console=tty0 rd.debug/' /overlay/boot/grub2/grub.cfg; \ fi + # Non-FIPS: pin net naming on live ISO boot (see cloudconfigs/50-canvos-net-naming.hwdb) + RUN if [ "$FIPS_ENABLED" = "false" ]; then \ + sed -i 's/net\.ifnames=1/net.ifnames=1 net.naming-scheme=v252/g' /overlay/boot/grub2/grub.cfg; \ + fi + # Add content files (split if > 3GB) COPY --if-exists content-*/*.zst /overlay/opt/spectrocloud/content/ RUN if [ -n "$(ls /overlay/opt/spectrocloud/content/*.zst 2>/dev/null)" ]; then \ @@ -791,6 +801,14 @@ base-image: RUN /tmp/harden.sh && rm /tmp/harden.sh END + # Non-FIPS HWE kernels (6.8+) append np* port suffixes on multi-port NICs, producing + # names too long for VLAN sub-interfaces (15-char Linux limit). FIPS stays on 5.15-fips. + IF [ "$FIPS_ENABLED" = "false" ] + COPY cloudconfigs/50-canvos-net-naming.hwdb /etc/udev/hwdb.d/50-canvos-net-naming.hwdb + RUN udevadm hwdb --update + COPY cloudconfigs/80_stylus_net_naming.yaml /etc/kairos/80_stylus_net_naming.yaml + END + IF [ ! -z "$UBUNTU_PRO_KEY" ] RUN pro detach --assume-yes END @@ -848,6 +866,12 @@ base-image: RUN if ! grep -Fq "systemd.unified_cgroup_hierarchy=1" /etc/cos/bootargs.cfg; then \ sed -i 's|\(set baseCmd="[^"]*\)"|\1 systemd.unified_cgroup_hierarchy=1"|' /etc/cos/bootargs.cfg; \ fi + + IF [ "$FIPS_ENABLED" = "false" ] + RUN if ! grep -Fq "net.naming-scheme=v252" /etc/cos/bootargs.cfg; then \ + sed -i 's|\(set baseCmd="[^"]*\)"|\1 net.naming-scheme=v252"|' /etc/cos/bootargs.cfg; \ + fi + END END KAIROS_RELEASE: diff --git a/cloudconfigs/50-canvos-net-naming.hwdb b/cloudconfigs/50-canvos-net-naming.hwdb new file mode 100644 index 00000000..f00a4a37 --- /dev/null +++ b/cloudconfigs/50-canvos-net-naming.hwdb 
@@ -0,0 +1,5 @@
+# Omit physical port suffix (np0/np1/...) on multi-port NICs for shorter predictable
+# interface names on non-FIPS HWE kernels (e.g. enp153s0f0 instead of enp153s0f0np0).
+# See systemd.net-naming-scheme(7).
+ID_NET_NAME_ALLOW_PHYS_PORT_NAME=0
+ID_NET_NAME_ALLOW_DEV_PORT=0
diff --git a/cloudconfigs/80_stylus_net_naming.yaml b/cloudconfigs/80_stylus_net_naming.yaml
new file mode 100644
index 00000000..6dd51a43
--- /dev/null
+++ b/cloudconfigs/80_stylus_net_naming.yaml
@@ -0,0 +1,5 @@
+#cloud-config
+# Non-FIPS: pin systemd net naming to v252 so live/install naming matches older FIPS
+# images and avoids the np* physical-port suffix on multi-port bare-metal NICs.
+grub_options:
+ extra_cmdline: "net.naming-scheme=v252"
From 50681d3b72b483e8f0c7cbf2e526b607e6573fdd Mon Sep 17 00:00:00 2001
From: abhinavnagaraj
Date: Mon, 15 Jun 2026 21:06:42 +0000
Subject: [PATCH 2/4] fix: strip np* NIC suffix via udev on systemd 249 hwdb ID_NET_NAME_ALLOW_* and net.naming-scheme=v252 do not suppress phys_port_name suffixes on Ubuntu 22.04. Use a late udev rule instead.
Co-authored-by: Cursor
---
Earthfile | 32 ++++++-------------
cloudconfigs/50-canvos-net-naming.hwdb | 5 ---
cloudconfigs/80_stylus_net_naming.yaml | 5 ---
overlay/net-naming/99-canvos-net-naming.rules | 6 ++++
overlay/net-naming/canvos-strip-np-suffix | 15 +++++++++
5 files changed, 31 insertions(+), 32 deletions(-)
delete mode 100644 cloudconfigs/50-canvos-net-naming.hwdb
delete mode 100644 cloudconfigs/80_stylus_net_naming.yaml
create mode 100644 overlay/net-naming/99-canvos-net-naming.rules
create mode 100755 overlay/net-naming/canvos-strip-np-suffix
diff --git a/Earthfile b/Earthfile
index f99626f3..a68e826f 100644
--- a/Earthfile
+++ b/Earthfile
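Review bot: The new `50-canvos-net-naming.hwdb` has no match line: it holds three comment lines and two `KEY=value` lines that start in the first column. An hwdb record needs a match string (for interface naming, a `net:naming:` pattern) followed by property lines indented by at least one space, so `udevadm hwdb --update` would be expected to skip these two lines rather than apply them. If so, the properties were never in effect on any systemd version. I would add a match line such as `net:naming:*` above them, indent both properties by one space, and check the result on a booted image with `udevadm info` on an affected interface.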
@@ -287,10 +287,6 @@ build-uki-iso: COPY overlay/files-iso/ /overlay/ COPY --if-exists +validate-user-data/user-data /overlay/config.yaml - RUN if [ "$FIPS_ENABLED" = "false" ]; then \ - sed -i 's/net\.ifnames=1/net.ifnames=1 net.naming-scheme=v252/g' /overlay/boot/grub2/grub.cfg; \ - fi - COPY --platform=linux/${ARCH} +stylus-image-pack/stylus-image.tar /overlay/stylus-image.tar COPY --platform=linux/${ARCH} (+third-party/luet --binary=luet) /overlay/luet COPY --if-exists "$EDGE_CUSTOM_CONFIG" /overlay/.edge_custom_config.yaml @@ -379,11 +375,6 @@ build-iso: sed -i '/rd.immucore.sysrootwait/s/$/ rd.immucore.debug console=tty0 rd.debug/' /overlay/boot/grub2/grub.cfg; \ fi - # Non-FIPS: pin net naming on live ISO boot (see cloudconfigs/50-canvos-net-naming.hwdb) - RUN if [ "$FIPS_ENABLED" = "false" ]; then \ - sed -i 's/net\.ifnames=1/net.ifnames=1 net.naming-scheme=v252/g' /overlay/boot/grub2/grub.cfg; \ - fi - # Add content files (split if > 3GB) COPY --if-exists content-*/*.zst /overlay/opt/spectrocloud/content/ RUN if [ -n "$(ls /overlay/opt/spectrocloud/content/*.zst 2>/dev/null)" ]; then \ 
@@ -782,6 +773,16 @@ base-image: rm -rf /var/lib/apt/lists/* RUN kernel=$(ls /boot/vmlinuz-* | tail -n1) && \ ln -sf "${kernel#/boot/}" /boot/vmlinuz + + # Non-FIPS HWE kernels (6.8+) append np* port suffixes on multi-port NICs, producing + # names too long for VLAN sub-interfaces (15-char Linux limit). FIPS stays on 5.15-fips. + # systemd 249 (Ubuntu 22.04) has no ID_NET_NAME_ALLOW_PHYS_PORT_NAME; strip np* via udev. + IF [ "$FIPS_ENABLED" = "false" ] + COPY overlay/net-naming/canvos-strip-np-suffix /usr/lib/canvos/canvos-strip-np-suffix + RUN chmod 755 /usr/lib/canvos/canvos-strip-np-suffix + COPY overlay/net-naming/99-canvos-net-naming.rules /etc/udev/rules.d/99-canvos-net-naming.rules + END + # Skip dracut when FIPS is enabled - the Dockerfile will include custom dracut modules.fips IF [ "$FIPS_ENABLED" = "false" ] RUN kernel=$(printf '%s\n' /lib/modules/* | xargs -n1 basename | sort -V | tail -1) && \ @@ -801,14 +802,6 @@ base-image: RUN /tmp/harden.sh && rm /tmp/harden.sh END - # Non-FIPS HWE kernels (6.8+) append np* port suffixes on multi-port NICs, producing - # names too long for VLAN sub-interfaces (15-char Linux limit). FIPS stays on 5.15-fips. - IF [ "$FIPS_ENABLED" = "false" ] - COPY cloudconfigs/50-canvos-net-naming.hwdb /etc/udev/hwdb.d/50-canvos-net-naming.hwdb - RUN udevadm hwdb --update - COPY cloudconfigs/80_stylus_net_naming.yaml /etc/kairos/80_stylus_net_naming.yaml - END - IF [ ! -z "$UBUNTU_PRO_KEY" ] RUN pro detach --assume-yes END @@ -867,11 +860,6 @@ base-image: sed -i 's|\(set baseCmd="[^"]*\)"|\1 systemd.unified_cgroup_hierarchy=1"|' /etc/cos/bootargs.cfg; \ fi - IF [ "$FIPS_ENABLED" = "false" ] - RUN if ! grep -Fq "net.naming-scheme=v252" /etc/cos/bootargs.cfg; then \ - sed -i 's|\(set baseCmd="[^"]*\)"|\1 net.naming-scheme=v252"|' /etc/cos/bootargs.cfg; \ - fi - END END KAIROS_RELEASE: diff --git a/cloudconfigs/50-canvos-net-naming.hwdb b/cloudconfigs/50-canvos-net-naming.hwdb deleted file mode 100644 index f00a4a37..00000000 
--- a/cloudconfigs/50-canvos-net-naming.hwdb
+++ /dev/null
@@ -1,5 +0,0 @@
-# Omit physical port suffix (np0/np1/...) on multi-port NICs for shorter predictable
-# interface names on non-FIPS HWE kernels (e.g. enp153s0f0 instead of enp153s0f0np0).
-# See systemd.net-naming-scheme(7).
-ID_NET_NAME_ALLOW_PHYS_PORT_NAME=0
-ID_NET_NAME_ALLOW_DEV_PORT=0
diff --git a/cloudconfigs/80_stylus_net_naming.yaml b/cloudconfigs/80_stylus_net_naming.yaml
deleted file mode 100644
index 6dd51a43..00000000
--- a/cloudconfigs/80_stylus_net_naming.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-#cloud-config
-# Non-FIPS: pin systemd net naming to v252 so live/install naming matches older FIPS
-# images and avoids the np* physical-port suffix on multi-port bare-metal NICs.
-grub_options:
- extra_cmdline: "net.naming-scheme=v252"
diff --git a/overlay/net-naming/99-canvos-net-naming.rules b/overlay/net-naming/99-canvos-net-naming.rules
new file mode 100644
index 00000000..51e6c3ea
--- /dev/null
+++ b/overlay/net-naming/99-canvos-net-naming.rules
@@ -0,0 +1,6 @@
+# Non-FIPS Ubuntu 22.04 (systemd 249): shorten names like eno12399np0 -> eno12399
+# after 80-net-setup-link has computed ID_NET_NAME. Runs late so NAME overrides
+# the default predictable name for this udev event only.
+SUBSYSTEM=="net", ACTION=="add", ENV{ID_NET_NAME}=="?*", \
+ PROGRAM="/usr/lib/canvos/canvos-strip-np-suffix %E{ID_NET_NAME}", \
+ NAME="%c"
diff --git a/overlay/net-naming/canvos-strip-np-suffix b/overlay/net-naming/canvos-strip-np-suffix
new file mode 100755
index 00000000..4935cee6
--- /dev/null
+++ b/overlay/net-naming/canvos-strip-np-suffix
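Review bot: Stripping the port suffix in this rule can map two interfaces to the same name. On an adapter whose ports share one PCI function, `enp1s0np0` and `enp1s0np1` (constructed example) both become `enp1s0`, and the `cut -c1-15` in the helper script added by the next hunk can merge longer names the same way. The second rename would be expected to fail and leave that port on its kernel-assigned `ethN` name, which is less stable than the long name this rule replaces. I would have the helper keep the unmodified name when the short one already exists, e.g. `[ -e "/sys/class/net/$short" ] && short=$name` before printing. That narrows the window but does not close the race between parallel udev events, so the rule's header comment should also state the one-port-per-function assumption.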
@@ -0,0 +1,15 @@
+#!/bin/sh
+# Strip trailing np suffix from predictable interface names assigned by udev.
+# HWE 6.8+ drivers expose phys_port_name; systemd 249 always appends it (no
+# ID_NET_NAME_ALLOW_PHYS_PORT_NAME until systemd 256+). net.naming-scheme=v252
+# does not suppress the suffix on Ubuntu 22.04.
+set -eu
+
+name=${1:-}
+if [ -z "$name" ]; then
+ exit 1
+fi
+
+short=$(printf '%s' "$name" | sed -E 's/np[0-9]+$//')
+# Linux IFNAMSIZ is 16 bytes including the terminating NUL.
+printf '%s\n' "$short" | cut -c1-15
From f3b5644b7c6c2d6fa1519cb41f0243056de1a535 Mon Sep 17 00:00:00 2001
From: abhinavnagaraj
Date: Mon, 15 Jun 2026 21:14:56 +0000
Subject: [PATCH 3/4] fix: install np* strip udev rule on all CanvOS OS targets Move net-naming into overlay/files and install from base-image for every supported distribution and image type (ISO, UKI, cloud/agent AWS, MAAS). VMware and AWS ens* names pass through unchanged.
Co-authored-by: Cursor
---
Earthfile | 30 +++++++++----------
.../udev/rules.d/99-canvos-net-naming.rules | 5 ++++
.../usr/lib/canvos}/canvos-strip-np-suffix | 5 ++--
overlay/net-naming/99-canvos-net-naming.rules | 6 ----
4 files changed, 21 insertions(+), 25 deletions(-)
create mode 100644 overlay/files/etc/udev/rules.d/99-canvos-net-naming.rules
rename overlay/{net-naming => files/usr/lib/canvos}/canvos-strip-np-suffix (59%)
delete mode 100644 overlay/net-naming/99-canvos-net-naming.rules
diff --git a/Earthfile b/Earthfile
index a68e826f..d04f4971 100644
--- a/Earthfile
+++ b/Earthfile
@@ -774,21 +774,6 @@ base-image: RUN kernel=$(ls /boot/vmlinuz-* | tail -n1) && \ ln -sf "${kernel#/boot/}" /boot/vmlinuz - # Non-FIPS HWE kernels (6.8+) append np* port suffixes on multi-port NICs, producing - # names too long for VLAN sub-interfaces (15-char Linux limit). FIPS stays on 5.15-fips. - # systemd 249 (Ubuntu 22.04) has no ID_NET_NAME_ALLOW_PHYS_PORT_NAME; strip np* via udev. - IF [ "$FIPS_ENABLED" = "false" ] - COPY overlay/net-naming/canvos-strip-np-suffix /usr/lib/canvos/canvos-strip-np-suffix - RUN chmod 755 /usr/lib/canvos/canvos-strip-np-suffix - COPY overlay/net-naming/99-canvos-net-naming.rules /etc/udev/rules.d/99-canvos-net-naming.rules - END - - # Skip dracut when FIPS is enabled - the Dockerfile will include custom dracut modules.fips - IF [ "$FIPS_ENABLED" = "false" ] - RUN kernel=$(printf '%s\n' /lib/modules/* | xargs -n1 basename | sort -V | tail -1) && \ - dracut -f "/boot/initrd-${kernel}" "${kernel}" && \ - ln -sf "initrd-${kernel}" /boot/initrd - END RUN kernel=$(printf '%s\n' /lib/modules/* | xargs -n1 basename | sort -V | tail -1) && \ depmod -a "${kernel}" @@ -817,7 +802,6 @@ base-image: IF [ -e "/usr/bin/dracut" ] RUN --no-cache kernel=$(printf '%s\n' /lib/modules/* | xargs -n1 basename | sort -V | tail -1) && depmod -a "${kernel}" - RUN --no-cache kernel=$(printf '%s\n' /lib/modules/* | xargs -n1 basename | sort -V | tail -1) && dracut -f "/boot/initrd-${kernel}" "${kernel}" && ln -sf "initrd-${kernel}" /boot/initrd END RUN zypper install -y zstd vim iputils bridge-utils curl ethtool tcpdump && \ 
@@ -836,6 +820,20 @@ base-image: RUN yum install -y openssl rsyslog logrotate END + # Non-FIPS: strip np* phys-port suffixes from predictable NIC names (bare metal). + # Installed for all OS/arch (ubuntu, opensuse-leap, sles, rhel) and image types + # (ISO, UKI, cloud/agent-mode AWS, MAAS). No-op on VMware/AWS ens* interfaces. + IF [ "$FIPS_ENABLED" = "false" ] + COPY overlay/files/usr/lib/canvos/canvos-strip-np-suffix /usr/lib/canvos/canvos-strip-np-suffix + RUN chmod 755 /usr/lib/canvos/canvos-strip-np-suffix + COPY overlay/files/etc/udev/rules.d/99-canvos-net-naming.rules /etc/udev/rules.d/99-canvos-net-naming.rules + IF [ "$IS_UKI" = "false" ] && [ -e "/usr/bin/dracut" ] + RUN --no-cache kernel=$(printf '%s\n' /lib/modules/* | xargs -n1 basename | sort -V | tail -1) && \ + dracut -f "/boot/initrd-${kernel}" "${kernel}" && \ + ln -sf "initrd-${kernel}" /boot/initrd + END + END + DO +OS_RELEASE --OS_VERSION=$KAIROS_VERSION DO +KAIROS_RELEASE --OS_VERSION=$OS_VERSION --OS_DISTRIBUTION=$OS_DISTRIBUTION --ARCH=$ARCH --IS_MAAS=$IS_MAAS diff --git a/overlay/files/etc/udev/rules.d/99-canvos-net-naming.rules b/overlay/files/etc/udev/rules.d/99-canvos-net-naming.rules new file mode 100644 index 00000000..f46522c4 --- /dev/null +++ b/overlay/files/etc/udev/rules.d/99-canvos-net-naming.rules @@ -0,0 +1,5 @@ +# Shorten bare-metal NIC names like eno12399np0 -> eno12399 after 80-net-setup-link. +# Safe no-op for VMware/AWS/cloud ens* names (no np* suffix). All CanvOS systemd targets. +SUBSYSTEM=="net", ACTION=="add", ENV{ID_NET_NAME}=="?*", \ + PROGRAM="/usr/lib/canvos/canvos-strip-np-suffix %E{ID_NET_NAME}", \ + NAME="%c" diff --git a/overlay/net-naming/canvos-strip-np-suffix b/overlay/files/usr/lib/canvos/canvos-strip-np-suffix similarity index 59% rename from overlay/net-naming/canvos-strip-np-suffix rename to overlay/files/usr/lib/canvos/canvos-strip-np-suffix index 4935cee6..78d719c4 100755 --- a/overlay/net-naming/canvos-strip-np-suffix 
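Review bot: The dracut call added in this block runs only when `FIPS_ENABLED` is `false` and `IS_UKI` is `false`, yet it replaces two calls removed earlier in this patch. One of those, the `RUN --no-cache ... dracut -f` under `IF [ -e "/usr/bin/dracut" ]` next to the zypper install, shows no FIPS or UKI condition in the visible lines, and the Ubuntu one had no UKI condition. If those branches are reachable with FIPS enabled or for UKI builds, such images no longer get `/boot/initrd` regenerated and relinked, a change unrelated to NIC naming. I would keep the original calls and regenerate a second time here only where the udev files require it, or, once confirmed, add a comment such as `# dracut moved here from the per-distro branches; FIPS and UKI images build their initrd elsewhere`. The base-image target starts and ends outside the hunk.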
+++ b/overlay/files/usr/lib/canvos/canvos-strip-np-suffix @@ -1,8 +1,7 @@ #!/bin/sh # Strip trailing np suffix from predictable interface names assigned by udev. -# HWE 6.8+ drivers expose phys_port_name; systemd 249 always appends it (no -# ID_NET_NAME_ALLOW_PHYS_PORT_NAME until systemd 256+). net.naming-scheme=v252 -# does not suppress the suffix on Ubuntu 22.04. +# Modern drivers expose phys_port_name; older systemd (e.g. 249 on Ubuntu 22.04) +# always appends it. Names without np* (VMware ens*, AWS ens*, etc.) pass through unchanged. set -eu name=${1:-} diff --git a/overlay/net-naming/99-canvos-net-naming.rules b/overlay/net-naming/99-canvos-net-naming.rules deleted file mode 100644 index 51e6c3ea..00000000 --- a/overlay/net-naming/99-canvos-net-naming.rules +++ /dev/null @@ -1,6 +0,0 @@ -# Non-FIPS Ubuntu 22.04 (systemd 249): shorten names like eno12399np0 -> eno12399 -# after 80-net-setup-link has computed ID_NET_NAME. Runs late so NAME overrides -# the default predictable name for this udev event only. -SUBSYSTEM=="net", ACTION=="add", ENV{ID_NET_NAME}=="?*", \ - PROGRAM="/usr/lib/canvos/canvos-strip-np-suffix %E{ID_NET_NAME}", \ - NAME="%c" From 1fea35a54e66c21784d92c34dc47d6803e60ee0b Mon Sep 17 00:00:00 2001 From: abhinavnagaraj Date: Mon, 15 Jun 2026 21:29:38 +0000 Subject: [PATCH 4/4] fix: gate np* stripping to fresh installs only Legacy production nodes keep long interface names across day-2 provider upgrades. Fresh installs write /oem/.canvos-strip-np-enabled during after-install so new bare-metal nodes get VLAN-safe short names. Co-authored-by: Cursor --- Earthfile | 4 ++- cloudconfigs/80_canvos_net_naming.yaml | 25 +++++++++++++++++++ .../udev/rules.d/99-canvos-net-naming.rules | 3 ++- .../usr/lib/canvos/canvos-strip-np-suffix | 21 ++++++++++++---- 4 files changed, 46 insertions(+), 7 deletions(-) create mode 100644 cloudconfigs/80_canvos_net_naming.yaml diff --git a/Earthfile b/Earthfile index d04f4971..7d58c7ff 100644 --- a/Earthfile 
+++ b/Earthfile @@ -821,12 +821,14 @@ base-image: END # Non-FIPS: strip np* phys-port suffixes from predictable NIC names (bare metal). + # Install-only via /oem marker (see cloudconfigs/80_canvos_net_naming.yaml). # Installed for all OS/arch (ubuntu, opensuse-leap, sles, rhel) and image types - # (ISO, UKI, cloud/agent-mode AWS, MAAS). No-op on VMware/AWS ens* interfaces. + # (ISO, UKI, cloud/agent-mode AWS, MAAS). Legacy day-2 upgrades keep long names. IF [ "$FIPS_ENABLED" = "false" ] COPY overlay/files/usr/lib/canvos/canvos-strip-np-suffix /usr/lib/canvos/canvos-strip-np-suffix RUN chmod 755 /usr/lib/canvos/canvos-strip-np-suffix COPY overlay/files/etc/udev/rules.d/99-canvos-net-naming.rules /etc/udev/rules.d/99-canvos-net-naming.rules + COPY cloudconfigs/80_canvos_net_naming.yaml /etc/kairos/80_canvos_net_naming.yaml IF [ "$IS_UKI" = "false" ] && [ -e "/usr/bin/dracut" ] RUN --no-cache kernel=$(printf '%s\n' /lib/modules/* | xargs -n1 basename | sort -V | tail -1) && \ dracut -f "/boot/initrd-${kernel}" "${kernel}" && \ diff --git a/cloudconfigs/80_canvos_net_naming.yaml b/cloudconfigs/80_canvos_net_naming.yaml new file mode 100644 index 00000000..4a986984 --- /dev/null +++ b/cloudconfigs/80_canvos_net_naming.yaml 
@@ -0,0 +1,25 @@
+#cloud-config
+stages:
+ after-install:
+ - name: "Enable CanvOS np suffix stripping on fresh install"
+ if: '[ ! -f $STYLUS_ROOT/opt/spectrocloud/state/agent-mode ]'
+ commands:
+ - mkdir -p /etc/canvos
+ - touch /etc/canvos/strip-np-enabled
+ - if: '[ ! -e "/run/cos/uki_boot_mode" ] && [ ! -e "/run/cos/uki_install_mode" ] && [ ! -f $STYLUS_ROOT/opt/spectrocloud/state/agent-mode ]'
+ name: "Persist CanvOS np suffix stripping marker on oem"
+ commands:
+ - if mount | grep /oem >/dev/null; then umount /oem || /bin/true; fi
+ - mount $(findfs PARTLABEL=oem) /oem
+ - touch /oem/.canvos-strip-np-enabled
+ - umount /oem || /bin/true
+ - if: '[ -e "/run/cos/uki_install_mode" ] && [ ! -f $STYLUS_ROOT/opt/spectrocloud/state/agent-mode ]'
+ name: "Persist CanvOS np suffix stripping marker on oem (UKI)"
+ commands:
+ - if mount | grep /oem >/dev/null; then umount /oem || /bin/true; fi
+ - for d in /dev/mapper/*; do if [ ! "$d" = "/dev/mapper/control" ]; then cryptsetup close $d; fi; done
+ - /usr/lib/systemd/systemd-cryptsetup attach oem $(findfs PARTLABEL=oem) - tpm2-device=auto
+ - mount /dev/mapper/oem /oem
+ - touch /oem/.canvos-strip-np-enabled
+ - if mount | grep /oem >/dev/null; then umount /oem || /bin/true; fi
+ - if [ -e /dev/mapper/oem ]; then cryptsetup close /dev/mapper/oem; fi
diff --git a/overlay/files/etc/udev/rules.d/99-canvos-net-naming.rules b/overlay/files/etc/udev/rules.d/99-canvos-net-naming.rules
index f46522c4..c5dc5ff6 100644
--- a/overlay/files/etc/udev/rules.d/99-canvos-net-naming.rules
+++ b/overlay/files/etc/udev/rules.d/99-canvos-net-naming.rules
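Review bot: Neither oem step checks that the partition is mounted before `touch /oem/.canvos-strip-np-enabled`. If `findfs PARTLABEL=oem` returns nothing or `mount` fails, the marker lands in the install environment's own `/oem` directory and the installed node silently keeps the long names. Chaining the two commands, `mount "$(findfs PARTLABEL=oem)" /oem && touch /oem/.canvos-strip-np-enabled` (and the same after `mount /dev/mapper/oem /oem` in the UKI step), makes the failure visible; whether a failing command aborts the stage cannot be seen from this file. The first step's `touch /etc/canvos/strip-np-enabled` also appears to write to the installer's root rather than the installed system, so it is worth confirming that this marker survives the first reboot.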
@@ -1,5 +1,6 @@ # Shorten bare-metal NIC names like eno12399np0 -> eno12399 after 80-net-setup-link. -# Safe no-op for VMware/AWS/cloud ens* names (no np* suffix). All CanvOS systemd targets. +# Install-only: enabled when /oem/.canvos-strip-np-enabled exists (fresh install). +# Safe no-op for legacy nodes, VMware/AWS ens*, and agent-mode cloud VMs. SUBSYSTEM=="net", ACTION=="add", ENV{ID_NET_NAME}=="?*", \ PROGRAM="/usr/lib/canvos/canvos-strip-np-suffix %E{ID_NET_NAME}", \ NAME="%c" diff --git a/overlay/files/usr/lib/canvos/canvos-strip-np-suffix b/overlay/files/usr/lib/canvos/canvos-strip-np-suffix index 78d719c4..7e0efd49 100755 --- a/overlay/files/usr/lib/canvos/canvos-strip-np-suffix +++ b/overlay/files/usr/lib/canvos/canvos-strip-np-suffix @@ -1,7 +1,7 @@ #!/bin/sh # Strip trailing np suffix from predictable interface names assigned by udev. -# Modern drivers expose phys_port_name; older systemd (e.g. 249 on Ubuntu 22.04) -# always appends it. Names without np* (VMware ens*, AWS ens*, etc.) pass through unchanged. +# Enabled only on fresh installs (marker on /oem or /etc). Legacy nodes pass through. +# Names without np* (VMware ens*, AWS ens*, etc.) are unchanged either way. set -eu name=${1:-} @@ -9,6 +9,17 @@ if [ -z "$name" ]; then exit 1 fi -short=$(printf '%s' "$name" | sed -E 's/np[0-9]+$//') -# Linux IFNAMSIZ is 16 bytes including the terminating NUL. -printf '%s\n' "$short" | cut -c1-15 +for marker in \ + /oem/.canvos-strip-np-enabled \ + /etc/canvos/strip-np-enabled \ + /sysroot/oem/.canvos-strip-np-enabled \ + /sysroot/etc/canvos/strip-np-enabled +do + if [ -f "$marker" ]; then + short=$(printf '%s' "$name" | sed -E 's/np[0-9]+$//') + printf '%s\n' "$short" | cut -c1-15 + exit 0 + fi +done + +printf '%s\n' "$name" | cut -c1-15
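Review bot: The rename decision in `canvos-strip-np-suffix` now depends on which marker paths are visible at the moment each `add` event runs, and nothing in this patch shows when `/oem` is mounted relative to NIC enumeration. If an interface is added before `/oem` or `/sysroot/oem` is available, the loop finds no marker and falls through to the long name, so one node could end up with long or short names depending on mount ordering. I would state the requirement in the script header, e.g. `# /oem (or /sysroot/oem) must be mounted before net devices are added; otherwise the long name is kept`, and verify it on a fresh install that has VLAN sub-interfaces configured. The rules-file hunk just above changes only comments.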